News Avenue

Monday 23 October 2017

Einstein’s secret to happiness discovered in 95-year-old notes written in Japan


ALBERT Einstein’s secret to happiness has been revealed in 95-year-old notes written in Japan ahead of their auction. In a note given to a courier at the physicist’s hotel room in Tokyo, the Nobel Prize winner shared his hidden secret to a happy life.
The note reads: “A quiet and modest life brings more joy than a pursuit of success bound with constant unrest.” Einstein also handed the courier a second note that states: “Where there's a will, there's a way.” It is reported that after delivering Einstein a message, the physicist did not want the employee to leave without a tip, but due to their refusal to accept because of local Japanese customs, he gave him his secret to happiness instead.
The Nobel Prize winner is reported to have stated: “Maybe if you're lucky those notes will become much more valuable than just a regular tip.” The quotes come from the Hamburg seller of the notes, who chose to remain anonymous.


Snoop Dogg Targets Trump👱🏻 in New Song 'Make America Crip Again'

Hip-hop is going hard at President Donald Trump, and Snoop Dogg is the latest rapper to step into the ring.

Snoop Dogg accused the President of neglecting various communities in America, voiced his support for San Francisco 49ers quarterback Colin Kaepernick and called on black athletes to form their own football league in the title track of his forthcoming album, "Make America Crip Again." 
"The President said he wants to make America great again. F--- that s---, we gonna make America Crip again," the track begins, referencing the infamous Los Angeles gang.

The album cover pictures a blue hat with the words "Make America Crip Again" -- a clear dig at Trump's "Make America Great Again" campaign slogan. Members of the gang have traditionally worn blue clothing.


Tesla reportedly made deal to open a manufacturing facility in Shanghai


Tesla has reportedly made a deal with the government in Shanghai to open up a manufacturing facility in the city’s free-trade zone. Foreign car-makers traditionally partner with local manufacturers, but that will reportedly not be the case with Tesla. Instead, Tesla will own the entire factory. That means Tesla will be able to cut some costs of production and ultimately the sale price of Teslas in China, but it will likely still be responsible for paying China’s 25 percent import tariff.
Rumors of this deal first surfaced in June, when Bloomberg reported Tesla was in talks with Shanghai’s local government to build its cars there for the first time. Tesla later confirmed it was in talks to build a factory in Shanghai.
China has the world’s largest vehicle market and has aggressive targets for electric cars. The Chinese government is aiming to sell seven million electric vehicles a year by 2025. In September, China ordered all car-makers operating in China to start making EVs by 2019.


How to Get Started with the lightweight IoT Protocol

Introduction


Everybody talks about the Internet of Things nowadays. Increasingly affordable microcontrollers like Arduino and Raspberry Pi are enabling cheap devices that measure sensor data and send it over the internet. The goal of this post is to introduce the lightweight protocol MQTT and its capabilities to send data between devices and other systems and to demonstrate them by implementing two clients with Eclipse Paho.

The term Internet of Things was first used by Kevin Ashton in 2009 for interconnecting physical devices over the internet. The basic idea is very simple: physical devices can exchange data with each other or be controlled by others. Examples of such devices would be a refrigerator, a car, a building or basically any other electronic device. One of the most common use cases is the collection, transmission, consolidation and display of sensor data. The result could be a web dashboard with the aggregated values or an alarm when a threshold is exceeded.
The application scenarios are almost unlimited. Imagine your alarm clock knew that your train to work is 15 minutes late and adjusted itself accordingly. Your coffee maker is also switched on automatically 15 minutes later to make you a hot cup of coffee before you leave for work. Sounds like the future? All that is already possible today. Ericsson predicts that in 2020 50 billion devices will be connected over the internet. The communication between this huge number of devices is enabled by IPv6 and lightweight communication protocols like MQTT.


Sunday 22 October 2017

National Addressing System (GPS): Technical Review (Security Issues)

I heard about the growing debate on the National Addressing System in the Tech Community. I have read a couple of articles on the flaws and issues with usability. I decided to take a different perspective by looking at the security aspect of the entire system. In order to identify various security loopholes I decided to build my own version using CSS, HTML, JavaScript, Bootstrap and jQuery. See attached screenshots for my version. Below are the issues identified:

1. I managed to map out their entire API's URLs and realized I can simply make CRUD requests without any authentication. So I decided to use their own API and database instead of creating my own database and API.

2. Ideally, running from my local machine, their web server should reject any HTTP request from an unknown domain, using basic CORS restrictions. My app managed to break through.

3. Since I can make requests to their API easily, I can as well perform SQL injection.

4. I managed to get the list of all the districts in their system with a simple HTTP GET request. See attached image.

5. They keep reaching the limit of their Google Maps API usage, and I keep getting repeated warnings. A hacker can easily use their Google Maps API and run billions of requests to increase their API usage charges. To test this, I ran 500 requests at once. See the attached image. Error: "The API project is not authorized to use this API"

6. I did a basic clickjacking (a type of attack where a malicious site wraps another site in a frame) on the website and it succeeded.

7. Their input fields to enter name and phone number accept gibberish. This means that the platform is vulnerable to cross-site scripting (XSS), a type of attack that allows a user to inject client-side scripts into the browsers of other users.

8. Also, irrespective of which country I am currently located in, the system generates a unique code for me. Hackers would love this, because if I am located in the USA, for example, I can generate millions of unique codes. Their database would be overwhelmed and eventually break down. Instead of the 16.1 billion unique codes estimated by Vokacom for 27 million Ghanaians, it could be quadruple, quintuple, sextuple, septuple, octuple, ..., n‑tuple. Basically, 16,000,000,000 x n-tuple. Can you think about the massive amount of redundant data generated?

9. And the list goes on and on.

The Government has a very good vision for Ghana; however, Vokacom cannot deliver such a poor platform to the Government for such an incredible amount. I will encourage the Government to hire security experts to really look into this.
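For the browser-side findings in items 2 and 6, a defender can check whether a response carries the headers that restrict cross-origin reads and framing. The following is an added example, not code from the post or from the system it reviews; the header sets, origins and the `TRUSTED_ORIGINS` allow-list are constructed for illustration.

```javascript
// Added example: header values and origins below are constructed for illustration.
const TRUSTED_ORIGINS = new Set(['https://app.example.test']); // hypothetical allow-list

function auditHeaders(rawHeaders, requestOrigin) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];

  // Clickjacking (item 6): framing must be limited by X-Frame-Options
  // or by a CSP frame-ancestors directive without wildcard sources.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  const directive = (h['content-security-policy'] || '')
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((d) => d[0].toLowerCase() === 'frame-ancestors');
  const sources = directive ? directive.slice(1) : [];
  const cspOk = sources.length > 0 &&
    !sources.some((s) => ['*', 'http:', 'https:'].includes(s.toLowerCase()));
  if (xfo !== 'DENY' && xfo !== 'SAMEORIGIN' && !cspOk) findings.push('framing-not-restricted');

  // CORS (item 2): flag a wildcard, or an echo of an origin outside the allow-list.
  const acao = h['access-control-allow-origin'];
  const creds = (h['access-control-allow-credentials'] || '').toLowerCase() === 'true';
  if (acao === '*') {
    findings.push('cors-any-origin');
  } else if (acao !== undefined && acao === requestOrigin && !TRUSTED_ORIGINS.has(acao)) {
    findings.push('cors-reflects-untrusted-origin');
    if (creds) findings.push('cors-credentials-to-untrusted-origin');
  }
  return findings;
}

// Constructed response headers: a weak configuration beside a hardened one.
const weakResponse = {
  'Content-Type': 'text/html',
  'Access-Control-Allow-Origin': 'http://localhost:8080',
  'Access-Control-Allow-Credentials': 'true',
};
const hardenedResponse = {
  'X-Frame-Options': 'DENY',
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'",
  'Access-Control-Allow-Origin': 'https://app.example.test',
  'Vary': 'Origin',
};
console.log(auditHeaders(weakResponse, 'http://localhost:8080'));
console.log(auditHeaders(hardenedResponse, 'https://app.example.test'));
```

These headers are enforced by browsers only, so they complement server-side authentication and input validation on the API and do not replace them.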